Data processing: database and file management or data structures – Database design – Data structure types
Reexamination Certificate
2004-06-28
2009-08-04
Mizrahi, Diane (Department: 2617)
C707S793000
active
07571180
ABSTRACT:
Lightweight LDAP Access Control for authorization and personalization integrates with a directory service for defining sessions for users and groups without requiring read access or modification to directory schemas. In one exemplary illustrative non-limiting implementation, authorization/personalization data is stored in a private data store outside of the LDAP directory (e.g., on a management or other server). When a user attempts to log on to the computer system, the LDAP directory is queried for a list of associated groups and/or organizational units in the normal way. To compute a resulting set of authorization/personalization rules applicable to the user, an entity (e.g., the management or other server) traverses the organizational hierarchy of the directory groups/OUs, overriding the inherited attributes with explicitly associated ones. Integration with existing user/group/organization unit infrastructures is provided while avoiding the need to deploy additional user/group databases.

In one example arrangement, an LDAP directory is queried for the list of groups and OUs during user logon. There is no need to replicate user/group directory data in a private data store of the Management Server. This improves performance and eliminates the need to synchronize data between the directory and the private data store of the Management Server. To compute the resulting set of authorization/personalization rules applicable to a user, the Management Server traverses the organizational hierarchy of directory groups/OUs, overriding the inherited attributes with the explicitly mapped ones. This minimizes the amount of administrative work for restricting access to protected resources for individuals. In many cases, users will simply inherit authorization/personalization data from the group/OUs they are members of.
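The rule resolution the abstract describes can be sketched as follows. This is an added example, not code from the patent or from Attachmate: the rule store, DNs, attribute names, the function names and the precedence order are all assumptions, and DN matching is simplified to lower-casing the whole DN.

```python
# Private rule store kept outside the directory, keyed by DN (added example).
# Every DN, attribute name and value below is constructed for illustration.
RULES = {
    "dc=example,dc=com": {"session": "readonly", "theme": "default"},
    "ou=finance,dc=example,dc=com": {"session": "standard"},
    "ou=payroll,ou=finance,dc=example,dc=com": {"theme": "payroll"},
    "cn=auditors,ou=groups,dc=example,dc=com": {"session": "audit", "export": "deny"},
    "uid=alice,ou=payroll,ou=finance,dc=example,dc=com": {"export": "allow"},
}

def split_dn(dn):
    """Split a DN into RDNs, honouring backslash-escaped commas."""
    parts, cur, esc = [], [], False
    for ch in dn:
        if esc or ch != ",":
            cur.append(ch)
            esc = ch == "\\" and not esc
        else:
            parts.append("".join(cur).strip())
            cur = []
    return parts + ["".join(cur).strip()]

def chain(dn):
    """Lineage of dn, directory root first and dn itself last (lower-cased)."""
    rdns = split_dn(dn.lower())
    return [",".join(rdns[i:]) for i in range(len(rdns) - 1, -1, -1)]

def effective_rules(user_dn, group_dns, store=RULES):
    """Merge rules so explicit associations override inherited ones.

    Assumed precedence (the abstract does not fix one): containers above the
    user and groups, shallowest first; then the groups; then the user entry.
    """
    store = {chain(k)[-1]: v for k, v in store.items()}  # normalise keys
    user, groups = chain(user_dn), [chain(g) for g in group_dns]
    containers = {dn for c in [user] + groups for dn in c[:-1]}
    order = sorted(containers, key=lambda d: (len(split_dn(d)), d))
    order += sorted(g[-1] for g in groups) + [user[-1]]
    effective, source = {}, {}
    for dn in order:
        for attr, value in store.get(dn, {}).items():
            effective[attr], source[attr] = value, dn
    return effective, source

if __name__ == "__main__":
    # group_dns stands in for the group list the directory returns at logon
    print(effective_rules("uid=alice,ou=payroll,ou=finance,dc=example,dc=com",
                          ["CN=Auditors,OU=Groups,DC=example,DC=com"]))
```

The second return value records which DN supplied each attribute, which is what an access review needs when a user ends up with an unexpected permission. When two groups set the same attribute, this sketch resolves it by DN sort order; a deployment would need a defined tie-break.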
Attachmate Corporation
Mizrahi Diane
Nixon & Vanderhye PC